It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.
References
Configurations
No configuration.
History
21 Nov 2024, 09:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/canonical/pebble/security/advisories/GHSA-4685-2x5r-65pj - | |
References | () https://www.cve.org/CVERecord?id=CVE-2024-3250 - |
06 Nov 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-732 |
04 Apr 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4. |
04 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-04 15:15
Updated : 2024-11-21 09:29
NVD link : CVE-2024-3250
Mitre link : CVE-2024-3250
CVE.ORG link : CVE-2024-3250
JSON object : View
Products Affected
No product.
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource